Traversing the Path to RCE

This post will detail the steps I took to find a path traversal vulnerability, and how I paired the vulnerability with the logic of the application to achieve Remote Code Execution through a shell upload. I found this while testing a mobile application that has a feature allowing users to upload and encrypt documents to […]


Yahoo! RCE via Spring Engine SSTI

This is a write-up in which I’ll explain a vulnerability I recently found and reported through Yahoo’s bug bounty program. When testing the security of web applications, doing reconnaissance is an important part of finding potentially vulnerable web assets, as you can discover subdomains, directories, and other assets that could increase the attack surface. […]
